nuclei-templates/file/nodejs/xss-disable-mustache-escape...

18 lines
664 B
YAML
Raw Normal View History

id: xss-disable-mustache-escape
info:
name: XSS Disable Mustache Escape
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Markup escaping disabled. This can be used with some template engines to escape disabling of HTML entities, which can lead to XSS attacks.
tags: file,nodejs,mustache,xss
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "[\\w\\W]+?\\.escapeMarkup = false"
# digest: 4a0a00473045022041c26d15e30a67da51faf8296e3dcfa26d1debb48e546df53fd49950ac2755bc022100ba0c25be763311d27fd4b84f86a184a622246c44589a783faac58165f161b5c9:922c64590222798bb761d5b6d8e72950